SUMMARY
This is a package that contains several tools to manipulate authz files (as
used by mod_auth_svn module for Subversion. The main reason for this
package to exist – big authz files and authz files located on remote
computers.
CURRENT VERSION
Current version — 0.6.1, released on 13th of July, 2005
CHANGELOG
v0.6.1, 13.07.2005
Jon Schewe suggested to use SCRIPT_NAME variable instead of hardcoding the path
v0.6, 22.06.2005
fixed a bug with authz-admin (it did not append new line in one place, result was
that some lines were merged which caused problems); paths for a particular
repository are shown in the lexicographical order (helps to navigate through
multiple entries); added preliminary code for htpasswd files management
v0.5, 5.04.2005
Fixed a bug (authz-admin did not seem to do what it was expected
to do); added fine grained rights for manipulating authz files via cgi-script
v0.4.2, 3.04.2005
Added one more configuration parameter to the authz-admin script (thanks,
extrealm): you can now specify how you access the script on your server
v0.4, 3.04.2005
Added authz-admin cgi-script
v0.3, 2.04.2005
Initial version
USAGE
authz-tool
Its usage is pretty simple:
authz-tool <authzfile> <operation> [<arg>]
Where operation is one of the following:
- getgroups
- dumps the content of [groups] section to the standard output
- setgroups
- replaces the contents of the [groups] section with what is given on the
standard input. if the input does not have a [groups] section, the [groups]
section in the specified file will be removed
- get <repo>
- dump all sections that are related to the specified repository
- set <repo>
- replaces all sections for the specified repository with what is given on
the standard input. the input is going to be checked and only appropriate
sections will be put in the file
- del <repo>
- remove all sections related to the specified repository
NOTE: for the operations with general unqualified sections, you may
specify '' (empty string) as a repository name
authz-admin
authz-admin is a CGI script that allows modification of an authz file
It can be used in two essentially different ways:
- there are no restrictions accessing the script
- user must be authenticated to access the script
Installation (Common Part)
Restricted Access
When run script checks if the user had to authenticate herself. If yes,
then the script will perform additional checks to see if the user can perform
certain operations. The rights are granted by adding user to the special groups
(these must be defined in [groups] section):
- authz-admin-<super>
- only users from this group can modify [groups] section
- authz-admin-<global>
- users from this group can modify all non qualified paths (sections that
are named like [/path])
- authz-admin-repo
- users from this group can modify paths for the specific repo (sections
that are named like [repo:/path])
So to restrict certain operations to specific users you'd have to do the
following (for apache):
BUGS
Huh?
AUTHOR
Mikhail Sobolev, <mss@mawhrin.net>
COPYRIGHT
Copyright © 2005, Mikhail Sobolev
You may use, modify and redistribute this program according to the terms and
conditions of GPL v2
CREDITS
Thanks to darix at #svn for the idea:
<darix> start coding
and to Alexey Vyskubov:
if you finished coding, release it!
I'd also like to thank these people:
REVISION
Last updated:
Wed, 13 Jul 2005 01:19:05 +0400
|